BackupPC-users

Re: [BackupPC-users] [newb] ssh rsync with restricted permissions

2011-04-07 17:32:11
Subject: Re: [BackupPC-users] [newb] ssh rsync with restricted permissions
From: Carl Wilhelm Soderstrom <chrome AT real-time DOT com>
To: backuppc-users AT lists.sourceforge DOT net
Date: Thu, 7 Apr 2011 16:30:01 -0500
Sorry about the delay getting back to you on this. Disappeared into the
ever-increasing backlog of mail in my inbox.

On 03/30 02:45 , yilam wrote:
> Well I tried your setup (need I say I am new to backuppc?) with on the client:
> 
> * /etc/sudoers:
> Cmnd_Alias      BACKUP = /usr/bin/rsync --server --daemon *
> buclient          my-host = NOPASSWD: BACKUP
> 
> * ~buclient/.ssh/authorized_keys2
> no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,command="sudo 
> /usr/bin/rsync --server --daemon --config=/etc/rsyncd.conf ." ssh-rsa 
> AAAAB....


To find the correct rsync command, get a working rsync connection going,
then copy what you see as the arguments to rsync (options following the
file) in 'ps ax'. It should end up looking something like this:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="sudo
/usr/bin/rsync --server --sender -logDtpr --exclude='/proc/*'
--exclude='/mnt/*' --exclude='/sys/*' --exclude='/tmp/*'
--exclude='/var/tmp/*' --exclude='/var/cache/apt/archives/*'
--exclude='/var/log/*' --delete --numeric-ids --block-size=2048 . /" ssh-dss
AAAAB.....
 
> * /etc/rsyncd.conf

Why are you using rsyncd instead of rsync invoked via ssh?

Normally when you run 'rsync -avz user@remotehost:/path/ /localpath' it
actually invokes ssh as the transfer mechanism. (In the bad old days it
defaulted to rsh and one had to explicitly specify '-e ssh' to make it use
ssh). Rsync makes an ssh connection to the remote side and starts rsync on
that side, sending the output back down the ssh tunnel to the local instance
of rsync. No rsyncd needed.



> From the server (backuppc machine), I can do the following:
> 
> /usr/bin/rsync -v -a -e "/usr/bin/ssh -v -q -x -2 -l buclient -i 
> /var/lib/backuppc/.ssh/id_rsa" [email protected]::fullbackup /tmp/TEST

That looks like an invocation using rsyncd, which I would avoid. The time to
use rsyncd is when backing up Windows, because cygwin ssh+rsync is buggy and
doesn't work.

Keep in mind that BackupPC has both:
$Conf{XferMethod} = 'rsyncd';
$Conf{XferMethod} = 'rsync';

You should use 'rsync' for your XferMethod unless there's a really good
reason.

Here's the RsyncClientCmd that I use with the above-listed ssh key:
$Conf{RsyncClientCmd} = '$sshPath -q -x -l rsyncbakup $host $rsyncPath $argList+';


-- 
Carl Soderstrom
Systems Administrator
Real-Time Enterprises
www.real-time.com
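
An added example (not from the original message or the BackupPC project): a Python check that parses an authorized_keys entry of the kind shown above and reports where it is looser than a forced, read-only rsync pull. The sample entries and their placeholder key material are constructed, and the `restrict` option it recognises is an OpenSSH keyword that the thread itself does not mention.

```python
import re
import shlex

# sshd authorized_keys options that the entries in this thread rely on.
RESTRICTIONS = ("no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding")
# One option: a name, an optional quoted value, then "," (more follow) or whitespace/end.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(,|(?=\s)|$)')

# Constructed sample entries; the key material is a placeholder, not a real key.
PINNED = ('no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="sudo '
          '/usr/bin/rsync --server --sender -logDtpr --numeric-ids . /" ssh-rsa AAAAB3PLACEHOLDER')
DAEMON = ('no-pty,no-port-forwarding,command="sudo /usr/bin/rsync --server --daemon '
          '--config=/etc/rsyncd.conf ." ssh-rsa AAAAB3PLACEHOLDER')


def split_options(line):
    """Return {option: value} for one authorized_keys entry, honouring quoted values."""
    line, opts, pos = line.strip(), {}, 0
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return opts  # entry begins with the key type, so it has no options field
    while (m := OPTION.match(line, pos)):
        opts[m[1].lower()] = (m[2] or "").replace('\\"', '"')
        pos = m.end()
        if m[3] != ",":
            break  # whitespace or end of line closes the options field
    return opts


def audit(line):
    """List the ways a key entry is looser than a pinned, read-only rsync pull."""
    opts, findings = split_options(line), []
    if "restrict" not in opts:  # 'restrict' turns all of these off at once
        findings += ["missing " + r for r in RESTRICTIONS if r not in opts]
    if not opts.get("command"):
        return findings + ["no forced command"]
    argv = shlex.split(opts["command"])
    argv = argv[1:] if argv[:1] == ["sudo"] else argv
    if not argv or not argv[0].endswith("/rsync") or "--server" not in argv:
        findings.append("forced command is not an absolute-path rsync --server")
    elif "--daemon" in argv:
        findings.append("daemon mode: access is set by rsyncd.conf, not by pinned arguments")
    elif "--sender" not in argv:
        findings.append("no --sender: the key can write to this host")
    return findings


if __name__ == "__main__":
    for name, entry in (("pinned", PINNED), ("daemon", DAEMON)):
        print(name, audit(entry))
```

An empty list means the entry forces an rsync that can only send files and carries all four restrictions. Whatever sudoers alias the account has must still match the forced command exactly, which this check does not look at.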
